From fe0574c9e748a8f888fc058acfade9424d2e3924 Mon Sep 17 00:00:00 2001 From: Ivan Rako Date: Wed, 18 Jul 2018 15:24:39 +0200 Subject: [PATCH] izmjene za stretch --- debian/changelog | 6 ++ debian/config | 44 +++++----- debian/control | 8 +- debian/postinst | 221 +++++++++++++++++++++++--------------------------- debian/postrm | 52 ++++++------ debian/prerm | 70 ++++++++-------- debian/source/format | 1 - 7 files changed, 196 insertions(+), 206 deletions(-) delete mode 100644 debian/source/format diff --git a/debian/changelog b/debian/changelog index 1add040..78e95b0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +mod-security-cn (2.9.1~cn0) stable; urgency=low + + * Prva verzija za stretch + + -- Ivan Rako Wed, 18 Jul 2018 15:17:46 +0200 + mod-security-cn (2.8.0+2) stable; urgency=low * Nacin aktivacije ModSecurity modula u debian/postinst. diff --git a/debian/config b/debian/config index c5cc1b5..487ffe9 100644 --- a/debian/config +++ b/debian/config @@ -6,10 +6,10 @@ set -e . /usr/share/debconf/confmodule if [ "$1" != reconfigure ]; then - db_fget mod-security-cn/rbl seen - if [ "$RET" = "true" ]; then - exit 0 - fi + db_fget mod-security-cn/rbl seen + if [ "$RET" = "true" ]; then + exit 0 + fi fi A2DIR="/etc/apache2" @@ -25,17 +25,17 @@ MODSECCONF="$MODSECDIR/mod-security-cn.conf" # 2 - file exists, but it is not tagged # chk_conf_tag () { - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + local conf_file + conf_file="$1" + RET=1 + + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } @@ -43,15 +43,15 @@ chk_conf_tag () { # chk_conf_tag "$MODSECCONF" if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - # Configuration file is tagged or does not exist - ask user - # for RBL. - db_title mod-security-cn - konfiguracija - db_input critical mod-security-cn/rbl || true - db_go || true + # Configuration file is tagged or does not exist - ask user + # for RBL. + db_title mod-security-cn - konfiguracija + db_input critical mod-security-cn/rbl || true + db_go || true else - # Configuration file is not tagged - skip question. - db_set mod-security-cn/rbl false || true - db_fset mod-security-cn/rbl seen true + # Configuration file is not tagged - skip question. + db_set mod-security-cn/rbl false || true + db_fset mod-security-cn/rbl seen true fi exit 0 diff --git a/debian/control b/debian/control index e06b296..648c0dc 100644 --- a/debian/control +++ b/debian/control @@ -1,15 +1,15 @@ Source: mod-security-cn Section: httpd Priority: optional -Maintainer: Dragan Dosen +Maintainer: Ivan Rako Build-Depends: debhelper (>> 9), po-debconf -Standards-Version: 3.9.6 +Standards-Version: 3.9.8 Homepage: http://www.modsecurity.org/ Package: mod-security-cn Architecture: all -Pre-Depends: libapache2-mod-security2 (>= 2.8.0-3) -Depends: carnet-tools-cn (>= 3.1.0), ${misc:Depends} +Pre-Depends: libapache2-mod-security2 (>= 2.9.1-2) +Depends: carnet-tools-cn (>= 3.2.1), ${misc:Depends} Description: Tighten web applications security for Apache Modsecurity is an Apache module whose purpose is to tighten the Web application security. Effectively, it is an intrusion detection and prevention diff --git a/debian/postinst b/debian/postinst index fd77bf0..24ab874 100644 --- a/debian/postinst +++ b/debian/postinst @@ -2,28 +2,13 @@ set -e +[ "$1" = "configure" ] || exit 0 [ "$DEBIAN_SCRIPT_DEBUG" ] && set -vx -case "$1" in - configure) - # continue below - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - exit 0 - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 0 - ;; -esac - - -# Load debconf +# Load Debconf . /usr/share/debconf/confmodule -# Include CARNet functions +# Load CARNet Tools . /usr/share/carnet-tools/functions.sh PKG="mod-security-cn" @@ -40,17 +25,17 @@ temp_files= if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then - . /usr/share/apache2/apache2-maintscript-helper + . /usr/share/apache2/apache2-maintscript-helper - modsecurity_enable() { - return 0 - } + modsecurity_enable() { + return 0 + } else - cp_echo "CN: Could not load Apache 2.4 maintainer script helper." + cp_echo "CN: Could not load Apache 2.4 maintainer script helper." - modsecurity_enable() { - return 1 - } + modsecurity_enable() { + return 1 + } fi # cleanup() @@ -58,15 +43,15 @@ fi # Cleanup all temp files or directories. # cleanup () { - local item - - if [ -n "$temp_files" ]; then - for item in $temp_files; do - if [ -e "$item" ]; then - rm -rf $item - fi - done - fi + local item + + if [ -n "$temp_files" ]; then + for item in $temp_files; do + if [ -e "$item" ]; then + rm -rf $item + fi + done + fi } # chk_conf_tag () @@ -77,17 +62,17 @@ cleanup () { # 2 - file exists, but it is not tagged # chk_conf_tag () { - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + local conf_file + conf_file="$1" + RET=1 + + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } @@ -99,14 +84,14 @@ trap cleanup 0 1 2 15 # Enable ModSecurity and unique_id Apache2 modules. # if modsecurity_enable; then - apache2_invoke enmod security2 + apache2_invoke enmod security2 fi # Remove obsolete symbolic link. # if [ "`readlink -q -m /etc/apache2/conf.d/$PKG.conf`" = "$MODSECCONF" ]; then - rm -f /etc/apache2/conf.d/$PKG.conf + rm -f /etc/apache2/conf.d/$PKG.conf fi @@ -116,97 +101,97 @@ fi chk_conf_tag "$MODSECCONF" if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - # Create /etc/apache2/conf-available/ directory if missing. - if [ ! -d "$CONFDIR" ]; then - cp_echo "CN: Creating configuration directory $CONFDIR/" - mkdir -p $CONFDIR/ - fi - - # Create /etc/apache2/mod-security/ directory if missing. - if [ ! -d "$MODSECDIR" ]; then - cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/" - mkdir -p $MODSECDIR/ + # Create /etc/apache2/conf-available/ directory if missing. + if [ ! -d "$CONFDIR" ]; then + cp_echo "CN: Creating configuration directory $CONFDIR/" + mkdir -p $CONFDIR/ + fi + + # Create /etc/apache2/mod-security/ directory if missing. + if [ ! -d "$MODSECDIR" ]; then + cp_echo "CN: Creating ModSecurity configuration directory $MODSECDIR/" + mkdir -p $MODSECDIR/ + fi + + out=$(mktemp $MODSECCONF.XXXXXX) + temp_files="${temp_files} ${out}" + + db_get mod-security-cn/rbl || true + if [ "$RET" = "true" ]; then + + # Add RBL configuration. + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then + + if [ $RET -eq 1 ]; then + cp_echo "CN: Creating configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + else + if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then + cp_echo "CN: Updating configuration file $MODSECRBL" + cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" + fi + fi fi - out=$(mktemp $MODSECCONF.XXXXXX) - temp_files="${temp_files} ${out}" - - db_get mod-security-cn/rbl || true - if [ "$RET" = "true" ]; then - - # Add RBL configuration. - chk_conf_tag "$MODSECRBL" - if [ $RET -eq 0 ] || [ $RET -eq 1 ]; then - - if [ $RET -eq 1 ]; then - cp_echo "CN: Creating configuration file $MODSECRBL" - cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" - else - if ! cmp -s "$MODSECRBL" "$MODSECTPL/$(basename $MODSECRBL)"; then - cp_echo "CN: Updating configuration file $MODSECRBL" - cp "$MODSECTPL/$(basename $MODSECRBL)" "$MODSECRBL" - fi - fi - fi + sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \ + "$MODSECTPL/$(basename $MODSECCONF)" > "$out" - sed "s,#RBLLOOKUP#,Include $MODSECRBL,g" \ - "$MODSECTPL/$(basename $MODSECCONF)" > "$out" - - if [ -e "$MODSECCONF" ]; then - if ! cmp -s "$MODSECCONF" "$out"; then - cp_echo "CN: Updating configuration file $MODSECCONF" - mv -f "$out" "$MODSECCONF" - cp_echo "CN: Enabled ModSecurity RBL lookup." - fi - else - cp_echo "CN: Creating configuration file $MODSECCONF" - mv "$out" "$MODSECCONF" - cp_echo "CN: Enabled ModSecurity RBL lookup." - fi + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." + fi else + cp_echo "CN: Creating configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Enabled ModSecurity RBL lookup." + fi + else + + # Remove RBL configuration. + sed "s,#RBLLOOKUP#,# DISABLED,g" \ + "$MODSECTPL/$(basename $MODSECCONF)" > "$out" + + if [ -e "$MODSECCONF" ]; then + if ! cmp -s "$MODSECCONF" "$out"; then + cp_echo "CN: Updating configuration file $MODSECCONF" + mv -f "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." + fi + else + cp_echo "CN: Creating configuration file $MODSECCONF" + mv "$out" "$MODSECCONF" + cp_echo "CN: Disabled ModSecurity RBL lookup." + fi - # Remove RBL configuration. - sed "s,#RBLLOOKUP#,# DISABLED,g" \ - "$MODSECTPL/$(basename $MODSECCONF)" > "$out" - - if [ -e "$MODSECCONF" ]; then - if ! cmp -s "$MODSECCONF" "$out"; then - cp_echo "CN: Updating configuration file $MODSECCONF" - mv -f "$out" "$MODSECCONF" - cp_echo "CN: Disabled ModSecurity RBL lookup." - fi - else - cp_echo "CN: Creating configuration file $MODSECCONF" - mv "$out" "$MODSECCONF" - cp_echo "CN: Disabled ModSecurity RBL lookup." - fi - - chk_conf_tag "$MODSECRBL" - if [ $RET -eq 0 ]; then - cp_echo "CN: Removing configuration file $MODSECRBL" - rm -f "$MODSECRBL" - fi + chk_conf_tag "$MODSECRBL" + if [ $RET -eq 0 ]; then + cp_echo "CN: Removing configuration file $MODSECRBL" + rm -f "$MODSECRBL" fi + fi - if [ -f "$out" ]; then rm -f $out; fi + if [ -f "$out" ]; then rm -f $out; fi fi # Enable ModSecurity configuration. # if [ ! -e "$MODSECLNK" ]; then - ln -fs "$MODSECCONF" "$MODSECLNK" + ln -fs "$MODSECCONF" "$MODSECLNK" fi if modsecurity_enable; then - cp_echo "CN: Enabling $PKG configuration for Apache2." - apache2_invoke enconf security2-cn + cp_echo "CN: Enabling $PKG configuration for Apache2." + apache2_invoke enconf security2-cn fi db_stop || true if ! apache2ctl configtest >/dev/null 2>&1; then - cp_echo "CN: Your Apache2 configuration seems to be broken." - cp_echo "CN: Please, check the service after the installation finishes!" + cp_echo "CN: Your Apache2 configuration seems to be broken." + cp_echo "CN: Please, check the service after the installation finishes!" fi diff --git a/debian/postrm b/debian/postrm index 122c128..83e5d86 100644 --- a/debian/postrm +++ b/debian/postrm @@ -17,42 +17,42 @@ MODSECLNK=/etc/apache2/conf-available/security2-cn.conf # 2 - file exists, but it is not tagged # chk_conf_tag () { - local conf_file - conf_file="$1" - RET=1 - - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + local conf_file + conf_file="$1" + RET=1 + + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then - . /usr/share/apache2/apache2-maintscript-helper - - modsecurity_enable() { - chk_conf_tag "$MODSECLNK" - if [ $RET -ne 2 ]; then - echo "CN: Purging $PKG configuration for Apache2." - return 0 - fi - return 1 + . /usr/share/apache2/apache2-maintscript-helper + + modsecurity_enable() { + chk_conf_tag "$MODSECLNK" + if [ $RET -ne 2 ]; then + echo "CN: Purging $PKG configuration for Apache2." + return 0 + fi + return 1 } else - echo "CN: Could not load Apache 2.4 maintainer script helper." + echo "CN: Could not load Apache 2.4 maintainer script helper." - modsecurity_enable() { - return 1 - } + modsecurity_enable() { + return 1 + } fi if [ "$1" = "purge" ] ; then - if modsecurity_enable; then - apache2_invoke disconf security2-cn - fi + if modsecurity_enable; then + apache2_invoke disconf security2-cn + fi fi #DEBHELPER# diff --git a/debian/prerm b/debian/prerm index 379b383..2a26bb4 100644 --- a/debian/prerm +++ b/debian/prerm @@ -16,53 +16,53 @@ MODSECLNK=/etc/apache2/conf-available/security2-cn.conf # 2 - file exists, but it is not tagged # chk_conf_tag () { - local conf_file - conf_file="$1" - RET=1 + local conf_file + conf_file="$1" + RET=1 - if [ -f "$conf_file" ]; then - if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then - RET=0 - else - RET=2 - fi + if [ -f "$conf_file" ]; then + if egrep -q "^## Begin - Generated by CARNet package mod-security-cn$" "$conf_file"; then + RET=0 + else + RET=2 fi + fi } if [ -e /usr/share/apache2/apache2-maintscript-helper ]; then - . /usr/share/apache2/apache2-maintscript-helper + . /usr/share/apache2/apache2-maintscript-helper - modsecurity_enable() { - chk_conf_tag "$MODSECLNK" - if [ $RET -ne 2 ]; then - echo "CN: Disabling $PKG configuration for Apache2." - return 0 - fi - return 1 - } + modsecurity_enable() { + chk_conf_tag "$MODSECLNK" + if [ $RET -ne 2 ]; then + echo "CN: Disabling $PKG configuration for Apache2." + return 0 + fi + return 1 + } else - echo "CN: Could not load Apache 2.4 maintainer script helper." + echo "CN: Could not load Apache 2.4 maintainer script helper." - modsecurity_enable() { - return 1 - } + modsecurity_enable() { + return 1 + } fi if [ "$1" = "remove" ] || [ "$1" = "deconfigure" ]; then - # Disable ModSecurity configuration. - if modsecurity_enable; then - apache2_invoke disconf security2-cn - rm -f "$MODSECLNK" - fi + # Disable ModSecurity configuration. + if modsecurity_enable; then + apache2_invoke disconf security2-cn + rm -f "$MODSECLNK" + fi - # Remove configuration files generated by this CARNet package. - for mfile in "$MODSECCONF" "$MODSECRBL"; do - chk_conf_tag "$mfile" - if [ $RET -eq 0 ]; then - echo "CN: Removing configuration file $mfile" - rm -f "$mfile" - fi - done + # Remove configuration files generated by this CARNet package. + for mfile in "$MODSECCONF" "$MODSECRBL"; do + chk_conf_tag "$mfile" + if [ $RET -eq 0 ]; then + echo "CN: Removing configuration file $mfile" + rm -f "$mfile" + fi + done fi #DEBHELPER# diff --git a/debian/source/format b/debian/source/format deleted file mode 100644 index 89ae9db..0000000 --- a/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (native) -- 1.7.10.4